Centos 6 - Polkit Privilege EscalationID: oval:org.secpod.oval:def:77530 | Date: (C)2022-01-31 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
The polkit package is designed to define and handle policies that allow unprivileged processes to communicate with privileged processes on a Linux system. Pkexec, part of polkit, is a tool that allows the user to execute commands as another user according to the polkit policy definitions using the setuid feature. The vulnerability found in pkexec allows an unprivileged local attacker to escalate privileges, bypassing any authentication and policies due to incorrect handling of the process?s argument vector.